Facebook is being careless with user data, European group says

Facebook is needlessly exposing reams of valuable user information, a coalition of European data protection authorities wrote in an open letter this week. For its part, Facebook says its platform is perfectly safe.

By Matthew Shaer, May 13, 2010

The default security settings on Facebook have been called 'unacceptable' by a top European commission. Should Facebook revise its plans for an expanded web presence?

A European commission has sharply criticized Facebook, and encouraged the social media site to revise its controversial new plans to expand its platform across the Web. In an open letter published this week, the Article 29 Working Party, a group of European data protection authorities, called Facebook's current default security settings dangerous to users and legally "unacceptable."

Of particular concern is Facebook's "open graph," which was introduced last month at the F8 conference. The "open graph," Facebook CEO Mark Zuckerberg said at the conference, would allow users to comment on and flag content outside of the Facebook site – effectively extending the size and reach of Facebook. Security analysts have panned the proposal, claiming that users could accidentally expose important personal information.

Facebook, the Working Party said, needs "a default setting in which access to the profile information and information about the connections of a user is limited to self-selected contacts. Any further access, such as by search engines, should be an explicit choice of the user." The open letter also warned third-party providers – including the creators of applications such as FarmVille – to be careful with user data.

"Providers of social networking sites should be aware that it would be a breach of data protection law if they use personal data of other individuals contained in a user profile for commercial purposes if these other individuals have not given their free and unambiguous consent," the Working Party said.

Speaking to PC Magazine, a Facebook spokesman stood behind the "open graph" concept, and said Facebook gives its "users granular controls [that] enable each user to customize many individual settings in order to share, or protect, as much information as they feel comfortable with... We already enable users to exclude themselves from being indexed by search engines, and recently introduced granular data permissions for applications," the rep added.

Earlier this month, a bug ripped through Facebook, temporarily allowing users to peruse their friends' private chat messages, and even see other users' pending friend requests. Facebook patched up the problem, but not before news of the problem careened around the Web, raising concerns that Facebook was being too careless with user security.